admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-01T19:00:20.325100+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-01 19:00:24 +00:00
parent 42b4426a7e
commit bc1db82ad6
18 changed files with 8358 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2021/CVE-2021-221xx/CVE-2021-22142.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-22142",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T01:15:07.210",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:43:20.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content."
},
{
"lang": "es",
"value": "Kibana contiene una versi\u00f3n integrada del navegador Chromium que la funci\u00f3n de informes utiliza para generar informes descargables. Si un usuario con permisos para generar informes puede representar HTML arbitrario con este navegador, es posible que pueda aprovechar las vulnerabilidades conocidas de Chromium para realizar m\u00e1s ataques. Kibana contiene una serie de protecciones para evitar que este navegador muestre contenido arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.13.0",
"matchCriteriaId": "59FC20DF-243E-4BC1-B48B-941728841B72"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2021/CVE-2021-221xx/CVE-2021-22150.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-22150",
"sourceIdentifier": "bressers@elastic.co",
"published": "2023-11-22T01:15:07.417",
"lastModified": "2023-11-22T03:36:37.770",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:53:40.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que un usuario con permisos de administrador Fleet pod\u00eda cargar un paquete malicioso. Debido al uso de una versi\u00f3n anterior de la librer\u00eda js-yaml, este paquete se cargar\u00eda de forma insegura, lo que permitir\u00eda a un atacante ejecutar comandos en el servidor Kibana."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "bressers@elastic.co",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.10.2",
"versionEndExcluding": "7.14.1",
"matchCriteriaId": "710E6018-59E8-41A0-A1FA-D398A75FB21B"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.elastic.co/community/security",
"source": "bressers@elastic.co"
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
]
}
]
}

3009
CVE-2022/CVE-2022-238xx/CVE-2022-23820.json
View File

File diff suppressed because it is too large Load Diff

3085
CVE-2022/CVE-2022-238xx/CVE-2022-23821.json
View File

File diff suppressed because it is too large Load Diff

72
CVE-2023/CVE-2023-360xx/CVE-2023-36013.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-36013",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-11-20T16:15:08.080",
"lastModified": "2023-11-20T19:18:51.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T17:55:52.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PowerShell Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de PowerShell"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -34,10 +58,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2",
"versionEndExcluding": "7.2.17",
"matchCriteriaId": "B9E6D5F8-C114-4A82-AC63-EDC0E7A53F50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3",
"versionEndExcluding": "7.3.10",
"matchCriteriaId": "F68087FE-5627-4158-9EE4-3E7035D0D1B1"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-420xx/CVE-2023-42006.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-42006",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T17:15:07.297",
"lastModified": "2023-12-01T17:15:07.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265266",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7085891",
"source": "psirt@us.ibm.com"
}
]
}

981
CVE-2023/CVE-2023-437xx/CVE-2023-43757.json
View File

File diff suppressed because it is too large Load Diff

62
CVE-2023/CVE-2023-45xx/CVE-2023-4590.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4590",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-11-27T13:15:07.130",
"lastModified": "2023-11-27T13:52:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:53:07.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en el editor hexadecimal Frhed, que afecta a la versi\u00f3n 1.6.0. Esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un argumento de nombre de archivo largo a trav\u00e9s de los registros de Structured Exception Handler (SEH)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kimmov:frhed:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D87EC9FE-8229-46BD-AD8E-2D22788AAB66"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-frhed",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

172
CVE-2023/CVE-2023-472xx/CVE-2023-47263.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T03:15:07.290",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T17:42:55.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,175 @@
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio (DoS) en el motor antivirus al escanear un archivo PE32 difuso. Esto afecta a: \nWithSecure Client Security 15, \nWithSecure Server Security 15, \nWithSecure Email and Server Security 15, \nWithSecure Elements Endpoint Protection 17 y posteriores, \nWithSecure Client Security for Mac 15, \nWithSecure Elements Endpoint Protection for Mac 17 y posteriores, \nWithSecure Linux Security 64 12.0, \nWithSecure Linux Protection 12.0, \nWithSecure Atlant (formerly F-Secure Atlant) 15 y posteriores."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"matchCriteriaId": "07CE65AD-1AEA-472D-BCBC-549CD3FA4208"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-47263",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

177
CVE-2023/CVE-2023-472xx/CVE-2023-47264.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47264",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-16T03:15:07.347",
"lastModified": "2023-11-16T13:51:19.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:32:28.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,180 @@
"value": "Ciertos productos WithSecure tienen una sobrelectura del b\u00fafer por lo que el procesamiento de ciertos tipos de archivos fuzz puede provocar una denegaci\u00f3n de servicio (DoS). Esto afecta a: \nWithSecure Client Security 15, \nWithSecure Server Security 15, \nWithSecure Email and Server Security 15, \nWithSecure Elements Endpoint Protection 17 y posteriores, \nWithSecure Client Security for Mac 15, \nWithSecure Elements Endpoint Protection for Mac 17 y posteriores, \nWithSecure Linux Security 64 12.0, \nWithSecure Linux Protection 12.0, \nWithSecure Atlant (formerly F-Secure Atlant) 15 y posteriores."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*",
"matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17",
"matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"matchCriteriaId": "07CE65AD-1AEA-472D-BCBC-549CD3FA4208"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-47264",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-487xx/CVE-2023-48706.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48706",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-22T22:15:08.673",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T17:54:29.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,26 +70,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2121",
"matchCriteriaId": "F978DA02-FB07-40A0-BD9E-CAC3945B4E2D"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/22/3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vim/vim/pull/13552",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-491xx/CVE-2023-49102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-22T22:15:08.867",
"lastModified": "2023-11-24T15:24:57.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T17:48:18.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "NZBGet 21.1 permite la ejecuci\u00f3n remota de c\u00f3digo autenticado porque los programas de descompresi\u00f3n (7za y unrar) conservan los permisos de los archivos ejecutables. Un atacante con capacidad de Control puede ejecutar un archivo estableciendo el valor de SevenZipCommand o UnrarCmd. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nzbget:nzbget:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBD057-B313-47FE-95C3-A216BD116DF7"
}
]
}
]
}
],
"references": [
{
"url": "https://nzbget.net/download",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://sec.maride.cc/posts/nzbget/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

171
CVE-2023/CVE-2023-493xx/CVE-2023-49321.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T00:15:07.280",
"lastModified": "2023-11-28T19:15:07.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:10:56.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque el escaneo de un archivo manipulado lleva mucho tiempo y hace que el esc\u00e1ner se cuelgue. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection for Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

171
CVE-2023/CVE-2023-493xx/CVE-2023-49322.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T00:15:07.330",
"lastModified": "2023-11-28T19:15:07.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:25:57.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,174 @@
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque hay una falla en el controlador de descompresi\u00f3n que puede provocar una falla en el motor de escaneo. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-53xx/CVE-2023-5341.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5341",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-19T10:15:49.433",
"lastModified": "2023-11-20T00:02:51.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T18:01:53.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap use-after-free flaw was found in coders/bmp.c in ImageMagick."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de heap-use-after-free en coders/bmp.c en ImageMagick."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,83 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.2",
"matchCriteriaId": "82459EA2-46DA-466E-8095-120474DAD7B9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5341",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241774",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}

68
CVE-2023/CVE-2023-61xx/CVE-2023-6164.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6164",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:15.970",
"lastModified": "2023-11-22T17:31:47.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-01T17:05:55.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the \u2018newColor\u2019 parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags."
},
{
"lang": "es",
"value": "El complemento MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance para WordPress es vulnerable a la inyecci\u00f3n de CSS a trav\u00e9s del par\u00e1metro 'newColor' en todas las versiones hasta la 4.5.1.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten valores CSS arbitrarios en las etiquetas del sitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mainwp:mainwp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.5.1.2",
"matchCriteriaId": "5022351F-FCEE-4A33-886C-40544C432C0D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/mainwp/tags/4.5.1.2&old=2996628&new_path=/mainwp/tags/4.5.1.3&new=2996628&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73980a90-bb17-46e4-a0ea-691f80500fe3?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-64xx/CVE-2023-6438.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6438",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-11-30T17:15:13.223",
"lastModified": "2023-11-30T17:30:19.207",
"lastModified": "2023-12-01T17:15:07.480",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability."
"value": "A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en IceCMS 2.0.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /WebArticle/articles/ del componente Like Handler es afectado por esta vulnerabilidad. La manipulaci\u00f3n conduce a la ejecuci\u00f3n inadecuada de una acci\u00f3n \u00fanica y \u00fanica. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-246438 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {

44
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-01T17:00:18.687743+00:00
2023-12-01T19:00:20.325100+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-01T16:56:41.467000+00:00
2023-12-01T18:53:40.177000+00:00
```
### Last Data Feed Release
@ -29,36 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
231955
231956
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `1`
* [CVE-2023-45168](CVE-2023/CVE-2023-451xx/CVE-2023-45168.json) (`2023-12-01T15:15:07.623`)
* [CVE-2023-49371](CVE-2023/CVE-2023-493xx/CVE-2023-49371.json) (`2023-12-01T15:15:07.817`)
* [CVE-2023-4518](CVE-2023/CVE-2023-45xx/CVE-2023-4518.json) (`2023-12-01T15:15:07.860`)
* [CVE-2023-48813](CVE-2023/CVE-2023-488xx/CVE-2023-48813.json) (`2023-12-01T16:15:07.487`)
* [CVE-2023-48842](CVE-2023/CVE-2023-488xx/CVE-2023-48842.json) (`2023-12-01T16:15:07.550`)
* [CVE-2023-48893](CVE-2023/CVE-2023-488xx/CVE-2023-48893.json) (`2023-12-01T16:15:07.607`)
* [CVE-2023-42006](CVE-2023/CVE-2023-420xx/CVE-2023-42006.json) (`2023-12-01T17:15:07.297`)
### CVEs modified in the last Commit
Recently modified CVEs: `11`
Recently modified CVEs: `16`
* [CVE-2023-48304](CVE-2023/CVE-2023-483xx/CVE-2023-48304.json) (`2023-12-01T15:08:42.693`)
* [CVE-2023-24415](CVE-2023/CVE-2023-244xx/CVE-2023-24415.json) (`2023-12-01T15:15:07.503`)
* [CVE-2023-6021](CVE-2023/CVE-2023-60xx/CVE-2023-6021.json) (`2023-12-01T15:22:19.813`)
* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2023-12-01T15:22:23.380`)
* [CVE-2023-6019](CVE-2023/CVE-2023-60xx/CVE-2023-6019.json) (`2023-12-01T15:22:26.807`)
* [CVE-2023-49104](CVE-2023/CVE-2023-491xx/CVE-2023-49104.json) (`2023-12-01T16:03:59.827`)
* [CVE-2023-2438](CVE-2023/CVE-2023-24xx/CVE-2023-2438.json) (`2023-12-01T16:07:56.973`)
* [CVE-2023-2440](CVE-2023/CVE-2023-24xx/CVE-2023-2440.json) (`2023-12-01T16:11:41.727`)
* [CVE-2023-47630](CVE-2023/CVE-2023-476xx/CVE-2023-47630.json) (`2023-12-01T16:24:28.727`)
* [CVE-2023-38435](CVE-2023/CVE-2023-384xx/CVE-2023-38435.json) (`2023-12-01T16:28:34.823`)
* [CVE-2023-41442](CVE-2023/CVE-2023-414xx/CVE-2023-41442.json) (`2023-12-01T16:56:41.467`)
* [CVE-2021-22142](CVE-2021/CVE-2021-221xx/CVE-2021-22142.json) (`2023-12-01T18:43:20.167`)
* [CVE-2021-22150](CVE-2021/CVE-2021-221xx/CVE-2021-22150.json) (`2023-12-01T18:53:40.177`)
* [CVE-2022-23821](CVE-2022/CVE-2022-238xx/CVE-2022-23821.json) (`2023-12-01T18:24:11.730`)
* [CVE-2022-23820](CVE-2022/CVE-2022-238xx/CVE-2022-23820.json) (`2023-12-01T18:26:30.530`)
* [CVE-2023-6164](CVE-2023/CVE-2023-61xx/CVE-2023-6164.json) (`2023-12-01T17:05:55.893`)
* [CVE-2023-6438](CVE-2023/CVE-2023-64xx/CVE-2023-6438.json) (`2023-12-01T17:15:07.480`)
* [CVE-2023-47263](CVE-2023/CVE-2023-472xx/CVE-2023-47263.json) (`2023-12-01T17:42:55.113`)
* [CVE-2023-49102](CVE-2023/CVE-2023-491xx/CVE-2023-49102.json) (`2023-12-01T17:48:18.200`)
* [CVE-2023-48706](CVE-2023/CVE-2023-487xx/CVE-2023-48706.json) (`2023-12-01T17:54:29.457`)
* [CVE-2023-36013](CVE-2023/CVE-2023-360xx/CVE-2023-36013.json) (`2023-12-01T17:55:52.290`)
* [CVE-2023-5341](CVE-2023/CVE-2023-53xx/CVE-2023-5341.json) (`2023-12-01T18:01:53.950`)
* [CVE-2023-49321](CVE-2023/CVE-2023-493xx/CVE-2023-49321.json) (`2023-12-01T18:10:56.007`)
* [CVE-2023-49322](CVE-2023/CVE-2023-493xx/CVE-2023-49322.json) (`2023-12-01T18:25:57.977`)
* [CVE-2023-47264](CVE-2023/CVE-2023-472xx/CVE-2023-47264.json) (`2023-12-01T18:32:28.423`)
* [CVE-2023-43757](CVE-2023/CVE-2023-437xx/CVE-2023-43757.json) (`2023-12-01T18:45:24.070`)
* [CVE-2023-4590](CVE-2023/CVE-2023-45xx/CVE-2023-4590.json) (`2023-12-01T18:53:07.967`)
## Download and Usage